Access denied access controller with CodeIgniter

Navigation
2

I made an application with code igniter and implemented a login screen. When logged in, the user is directed to the dashboard screen. When you click on any link on this screen, the message "Forbidden access" is displayed:

Imadeachecktounderstandthedifferencebetweentheloginscreen(whichworks)andtheotherscreenstounderstandtheproblem.

LoginForm:

<divclass="container">
<div class="card card-login mx-auto mt-5">
  <div class="card-header">Finanças</div>
  <div class="card-body">
    <form role="form" method="post" action="<?php echo site_url('login/auth');?>">
      <div class="form-group">
        <label for="login">Login</label>
        <input class="form-control c-form-control" id="login" name="username" type="text" aria-describedby="emailHelp">
      </div>
      <div class="form-group">
        <label for="password">Senha</label>
        <input class="form-control c-form-control" id="password" name="password" type="password">
      </div>
      <input type="submit" name="btnAcessar" value="Acessar" class="btn c-btn-login btn-block">
    </form>
    <div class="text-center">
      <a class="d-block c-a-style small mt-3" href="#">Esqueceu a senha?</a>
    </div>
  </div>
</div>

Login / auth method 

public function auth() {

    //Captura da requisição os dados que vieram do formulario
    $username = $this->input->post('username');
    $password = $this->input->post('password');

    // Captura os dados do banco e valida com os da requisição
    $userInfo = $this->user_model->get_user($username);

    if(strtolower($username) == strtolower($userInfo["USERNAME"]) && md5($password) == $userInfo["PASSWORD"]){

        $data['username'] = $userInfo["USERNAME"];
        $data['name'] = $userInfo["NAME"];

        $this->session->set_userdata("user_logged", $username);
        $this->load->view('templates/system-header', $data);
        $this->load->view('pages/Dashboard', $data);
        $this->load->view('templates/system-footer');
    } else {
        echo "Usuário e/ou senha incorretos.";
    }
}

Sample call to any screen within the application 

<li class="nav-item" data-toggle="tooltip" data-placement="right" title="Titulos">
      <a class="nav-link call-content" href="<?php echo site_url('application/titulos');?>" value="pedidos">
        <i class="fa fa-fw fa-file-text-o"></i>
        <span class="nav-link-text">Titulos</span>
      </a>
    </li>

Application / title method 

public function titulos($page = 'titulos') {
    if (!file_exists(APPPATH.'views/pages/'.$page.'.php')) {
        show_404();
    }
    $this->load->view('templates/system-header', $data);
    $this->load->view('pages/titulos', $data);
    $this->load->view('templates/system-footer');
}

The framework itself generated a .htaccess file in the 'views' folder: 

<IfModule authz_core_module>
    Require all denied
</IfModule>
<IfModule !authz_core_module>
    Deny from all
</IfModule>

I have a .htaccess file in the project root to 'hide' the index.php from url: 

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?$1 [L]
</IfModule>

I think it's important to say that I'm using session. As the error screen is not formatted like CodeIgniter does, I believe it's something with PHP or XAMPP that I'm using. The directories have full access to the read and write. I'm using locally in my Windows 10.

Any idea what it might be?

    
asked by anonymous 11.01.2018 / 19:25

1 answer

1

The error was in the config.php file, located at application/config/config.php . % variable with% was empty. I added the code below and the problem was solved: 

$config['index_page'] = 'index.php';

The .htaccess is not hiding the 'index.php' from the url, but this is a problem for another question.

    
12.01.2018 / 14:46
How to put a space between two buttons? Treatment "escape" in query (escape of characters)